1 /* ebt_arp
2 *
3 * Authors:
4 * Bart De Schuymer <bdschuym@pandora.be>
5 * Tim Gardner <timg@tpi.com>
6 *
7 * April, 2002
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <stdlib.h>
13 #include <getopt.h>
14 #include <xtables.h>
15 #include <netinet/ether.h>
16
17 #include <xtables.h>
18 #include <net/if_arp.h>
19 #include <linux/netfilter_bridge/ebt_arp.h>
20 #include "iptables/nft.h"
21 #include "iptables/nft-bridge.h"
22
23 #define ARP_OPCODE '1'
24 #define ARP_HTYPE '2'
25 #define ARP_PTYPE '3'
26 #define ARP_IP_S '4'
27 #define ARP_IP_D '5'
28 #define ARP_MAC_S '6'
29 #define ARP_MAC_D '7'
30 #define ARP_GRAT '8'
31
32 static const struct option brarp_opts[] = {
33 { "arp-opcode" , required_argument, 0, ARP_OPCODE },
34 { "arp-op" , required_argument, 0, ARP_OPCODE },
35 { "arp-htype" , required_argument, 0, ARP_HTYPE },
36 { "arp-ptype" , required_argument, 0, ARP_PTYPE },
37 { "arp-ip-src" , required_argument, 0, ARP_IP_S },
38 { "arp-ip-dst" , required_argument, 0, ARP_IP_D },
39 { "arp-mac-src" , required_argument, 0, ARP_MAC_S },
40 { "arp-mac-dst" , required_argument, 0, ARP_MAC_D },
41 { "arp-gratuitous", no_argument, 0, ARP_GRAT },
42 XT_GETOPT_TABLEEND,
43 };
44
45 /* a few names */
46 static char *opcodes[] =
47 {
48 "Request",
49 "Reply",
50 "Request_Reverse",
51 "Reply_Reverse",
52 "DRARP_Request",
53 "DRARP_Reply",
54 "DRARP_Error",
55 "InARP_Request",
56 "ARP_NAK",
57 };
58
brarp_print_help(void)59 static void brarp_print_help(void)
60 {
61 int i;
62
63 printf(
64 "arp options:\n"
65 "--arp-opcode [!] opcode : ARP opcode (integer or string)\n"
66 "--arp-htype [!] type : ARP hardware type (integer or string)\n"
67 "--arp-ptype [!] type : ARP protocol type (hexadecimal or string)\n"
68 "--arp-ip-src [!] address[/mask]: ARP IP source specification\n"
69 "--arp-ip-dst [!] address[/mask]: ARP IP target specification\n"
70 "--arp-mac-src [!] address[/mask]: ARP MAC source specification\n"
71 "--arp-mac-dst [!] address[/mask]: ARP MAC target specification\n"
72 "[!] --arp-gratuitous : ARP gratuitous packet\n"
73 " opcode strings: \n");
74 for (i = 0; i < ARRAY_SIZE(opcodes); i++)
75 printf(" %d = %s\n", i + 1, opcodes[i]);
76 printf(
77 " hardware type string: 1 = Ethernet\n"
78 " protocol type string: see "XT_PATH_ETHERTYPES"\n");
79 }
80
81 #define OPT_OPCODE 0x01
82 #define OPT_HTYPE 0x02
83 #define OPT_PTYPE 0x04
84 #define OPT_IP_S 0x08
85 #define OPT_IP_D 0x10
86 #define OPT_MAC_S 0x20
87 #define OPT_MAC_D 0x40
88 #define OPT_GRAT 0x80
89
undot_ip(char * ip,unsigned char * ip2)90 static int undot_ip(char *ip, unsigned char *ip2)
91 {
92 char *p, *q, *end;
93 long int onebyte;
94 int i;
95 char buf[20];
96
97 strncpy(buf, ip, sizeof(buf) - 1);
98
99 p = buf;
100 for (i = 0; i < 3; i++) {
101 if ((q = strchr(p, '.')) == NULL)
102 return -1;
103 *q = '\0';
104 onebyte = strtol(p, &end, 10);
105 if (*end != '\0' || onebyte > 255 || onebyte < 0)
106 return -1;
107 ip2[i] = (unsigned char)onebyte;
108 p = q + 1;
109 }
110
111 onebyte = strtol(p, &end, 10);
112 if (*end != '\0' || onebyte > 255 || onebyte < 0)
113 return -1;
114 ip2[3] = (unsigned char)onebyte;
115
116 return 0;
117 }
118
ip_mask(char * mask,unsigned char * mask2)119 static int ip_mask(char *mask, unsigned char *mask2)
120 {
121 char *end;
122 long int bits;
123 uint32_t mask22;
124
125 if (undot_ip(mask, mask2)) {
126 /* not the /a.b.c.e format, maybe the /x format */
127 bits = strtol(mask, &end, 10);
128 if (*end != '\0' || bits > 32 || bits < 0)
129 return -1;
130 if (bits != 0) {
131 mask22 = htonl(0xFFFFFFFF << (32 - bits));
132 memcpy(mask2, &mask22, 4);
133 } else {
134 mask22 = 0xFFFFFFFF;
135 memcpy(mask2, &mask22, 4);
136 }
137 }
138 return 0;
139 }
140
ebt_parse_ip_address(char * address,uint32_t * addr,uint32_t * msk)141 static void ebt_parse_ip_address(char *address, uint32_t *addr, uint32_t *msk)
142 {
143 char *p;
144
145 /* first the mask */
146 if ((p = strrchr(address, '/')) != NULL) {
147 *p = '\0';
148 if (ip_mask(p + 1, (unsigned char *)msk)) {
149 xtables_error(PARAMETER_PROBLEM,
150 "Problem with the IP mask '%s'", p + 1);
151 return;
152 }
153 } else
154 *msk = 0xFFFFFFFF;
155
156 if (undot_ip(address, (unsigned char *)addr)) {
157 xtables_error(PARAMETER_PROBLEM,
158 "Problem with the IP address '%s'", address);
159 return;
160 }
161 *addr = *addr & *msk;
162 }
163
164 static int
brarp_parse(int c,char ** argv,int invert,unsigned int * flags,const void * entry,struct xt_entry_match ** match)165 brarp_parse(int c, char **argv, int invert, unsigned int *flags,
166 const void *entry, struct xt_entry_match **match)
167 {
168 struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)(*match)->data;
169 long int i;
170 char *end;
171 uint32_t *addr;
172 uint32_t *mask;
173 unsigned char *maddr;
174 unsigned char *mmask;
175
176 switch (c) {
177 case ARP_OPCODE:
178 EBT_CHECK_OPTION(flags, OPT_OPCODE);
179 if (invert)
180 arpinfo->invflags |= EBT_ARP_OPCODE;
181 i = strtol(optarg, &end, 10);
182 if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
183 for (i = 0; i < ARRAY_SIZE(opcodes); i++)
184 if (!strcasecmp(opcodes[i], optarg))
185 break;
186 if (i == ARRAY_SIZE(opcodes))
187 xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP opcode");
188 i++;
189 }
190 arpinfo->opcode = htons(i);
191 arpinfo->bitmask |= EBT_ARP_OPCODE;
192 break;
193
194 case ARP_HTYPE:
195 EBT_CHECK_OPTION(flags, OPT_HTYPE);
196 if (invert)
197 arpinfo->invflags |= EBT_ARP_HTYPE;
198 i = strtol(optarg, &end, 10);
199 if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
200 if (!strcasecmp("Ethernet", argv[optind - 1]))
201 i = 1;
202 else
203 xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP hardware type");
204 }
205 arpinfo->htype = htons(i);
206 arpinfo->bitmask |= EBT_ARP_HTYPE;
207 break;
208 case ARP_PTYPE: {
209 uint16_t proto;
210
211 EBT_CHECK_OPTION(flags, OPT_PTYPE);
212 if (invert)
213 arpinfo->invflags |= EBT_ARP_PTYPE;
214
215 i = strtol(optarg, &end, 16);
216 if (i < 0 || i >= (0x1 << 16) || *end !='\0') {
217 struct xt_ethertypeent *ent;
218
219 ent = xtables_getethertypebyname(argv[optind - 1]);
220 if (!ent)
221 xtables_error(PARAMETER_PROBLEM, "Problem with specified ARP "
222 "protocol type");
223 proto = ent->e_ethertype;
224
225 } else
226 proto = i;
227 arpinfo->ptype = htons(proto);
228 arpinfo->bitmask |= EBT_ARP_PTYPE;
229 break;
230 }
231
232 case ARP_IP_S:
233 case ARP_IP_D:
234 if (c == ARP_IP_S) {
235 EBT_CHECK_OPTION(flags, OPT_IP_S);
236 addr = &arpinfo->saddr;
237 mask = &arpinfo->smsk;
238 arpinfo->bitmask |= EBT_ARP_SRC_IP;
239 } else {
240 EBT_CHECK_OPTION(flags, OPT_IP_D);
241 addr = &arpinfo->daddr;
242 mask = &arpinfo->dmsk;
243 arpinfo->bitmask |= EBT_ARP_DST_IP;
244 }
245 if (invert) {
246 if (c == ARP_IP_S)
247 arpinfo->invflags |= EBT_ARP_SRC_IP;
248 else
249 arpinfo->invflags |= EBT_ARP_DST_IP;
250 }
251 ebt_parse_ip_address(optarg, addr, mask);
252 break;
253 case ARP_MAC_S:
254 case ARP_MAC_D:
255 if (c == ARP_MAC_S) {
256 EBT_CHECK_OPTION(flags, OPT_MAC_S);
257 maddr = arpinfo->smaddr;
258 mmask = arpinfo->smmsk;
259 arpinfo->bitmask |= EBT_ARP_SRC_MAC;
260 } else {
261 EBT_CHECK_OPTION(flags, OPT_MAC_D);
262 maddr = arpinfo->dmaddr;
263 mmask = arpinfo->dmmsk;
264 arpinfo->bitmask |= EBT_ARP_DST_MAC;
265 }
266 if (invert) {
267 if (c == ARP_MAC_S)
268 arpinfo->invflags |= EBT_ARP_SRC_MAC;
269 else
270 arpinfo->invflags |= EBT_ARP_DST_MAC;
271 }
272 if (xtables_parse_mac_and_mask(optarg, maddr, mmask))
273 xtables_error(PARAMETER_PROBLEM, "Problem with ARP MAC address argument");
274 break;
275 case ARP_GRAT:
276 EBT_CHECK_OPTION(flags, OPT_GRAT);
277 arpinfo->bitmask |= EBT_ARP_GRAT;
278 if (invert)
279 arpinfo->invflags |= EBT_ARP_GRAT;
280 break;
281 default:
282 return 0;
283 }
284 return 1;
285 }
286
brarp_print(const void * ip,const struct xt_entry_match * match,int numeric)287 static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric)
288 {
289 const struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
290
291 if (arpinfo->bitmask & EBT_ARP_OPCODE) {
292 int opcode = ntohs(arpinfo->opcode);
293 printf("--arp-op ");
294 if (arpinfo->invflags & EBT_ARP_OPCODE)
295 printf("! ");
296 if (opcode > 0 && opcode <= ARRAY_SIZE(opcodes))
297 printf("%s ", opcodes[opcode - 1]);
298 else
299 printf("%d ", opcode);
300 }
301 if (arpinfo->bitmask & EBT_ARP_HTYPE) {
302 printf("--arp-htype ");
303 if (arpinfo->invflags & EBT_ARP_HTYPE)
304 printf("! ");
305 printf("%d ", ntohs(arpinfo->htype));
306 }
307 if (arpinfo->bitmask & EBT_ARP_PTYPE) {
308 printf("--arp-ptype ");
309 if (arpinfo->invflags & EBT_ARP_PTYPE)
310 printf("! ");
311 printf("0x%x ", ntohs(arpinfo->ptype));
312 }
313 if (arpinfo->bitmask & EBT_ARP_SRC_IP) {
314 printf("--arp-ip-src ");
315 if (arpinfo->invflags & EBT_ARP_SRC_IP)
316 printf("! ");
317 printf("%s%s ", xtables_ipaddr_to_numeric((const struct in_addr*) &arpinfo->saddr),
318 xtables_ipmask_to_numeric((const struct in_addr*)&arpinfo->smsk));
319 }
320 if (arpinfo->bitmask & EBT_ARP_DST_IP) {
321 printf("--arp-ip-dst ");
322 if (arpinfo->invflags & EBT_ARP_DST_IP)
323 printf("! ");
324 printf("%s%s ", xtables_ipaddr_to_numeric((const struct in_addr*) &arpinfo->daddr),
325 xtables_ipmask_to_numeric((const struct in_addr*)&arpinfo->dmsk));
326 }
327 if (arpinfo->bitmask & EBT_ARP_SRC_MAC) {
328 printf("--arp-mac-src ");
329 if (arpinfo->invflags & EBT_ARP_SRC_MAC)
330 printf("! ");
331 xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
332 printf(" ");
333 }
334 if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
335 printf("--arp-mac-dst ");
336 if (arpinfo->invflags & EBT_ARP_DST_MAC)
337 printf("! ");
338 xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
339 printf(" ");
340 }
341 if (arpinfo->bitmask & EBT_ARP_GRAT) {
342 if (arpinfo->invflags & EBT_ARP_GRAT)
343 printf("! ");
344 printf("--arp-gratuitous ");
345 }
346 }
347
348 static struct xtables_match brarp_match = {
349 .name = "arp",
350 .version = XTABLES_VERSION,
351 .family = NFPROTO_BRIDGE,
352 .size = XT_ALIGN(sizeof(struct ebt_arp_info)),
353 .userspacesize = XT_ALIGN(sizeof(struct ebt_arp_info)),
354 .help = brarp_print_help,
355 .parse = brarp_parse,
356 .print = brarp_print,
357 .extra_opts = brarp_opts,
358 };
359
_init(void)360 void _init(void)
361 {
362 xtables_register_match(&brarp_match);
363 }
364